The story can be found here @ http://digitalmass.boston.com/news/w...aw_hack:.shtml

Book by celebrated outlaw hacker describes tricks of the trade
By Jim Krane, Associated Press, 6/30/2002 14:37
NEW YORK (AP) - Barred by the terms of his probation from messing with computers, ex-convict hacker Kevin Mitnick has turned to writing about them, baring the tricks of his former trade in a forthcoming book.

An advance copy of the book, ''The Art of Deception,'' describes more than a dozen scenarios where tricksters dupe computer network administrators into divulging passwords, encryption keys and other coveted security details.

But it's all fiction. Or so says Mitnick.

Those seeking Mitnick's version of his lawless escapades will have to wait. Personal details are carefully expunged from the book, which uses fictitious names of hackers, victims and companies.

''It's not the Kevin Mitnick story,'' said Mitnick, 38, of Thousand Oaks, Calif., who served five years in federal prison for stealing software and altering data at Motorola, Novell, Nokia, Sun Microsystems and the University of Southern California. He was released in January 2000 and is currently on three years' probation.

''This book isn't about my cases, it's creating fiction stories with the same techniques I've used and others have used,'' he said.

Mitnick says his message is aimed at computer security professionals, to help them stop people like him. But he agreed his tricks would also make good fodder for the dishonest.

''The information can be used for good or bad,'' he said.

The book's contents, to be released in October, are probably too tame to interest a malicious hacker, said Bruce Schneier of Counterpane Internet Security in Cupertino, Calif.

''The bad guys don't need to read this book,'' Schneier said. ''But the good guys need to know what the criminals are doing.''

Mitnick is best known for leading the FBI on a three-year manhunt that ended in 1995 when agents collared him in an apartment in Raleigh, N.C. with the help of a top academic security expert.

During the chase, the bespectacled outlaw continued to break into computer networks. He was considered a cult hero among hackers and a slippery felon by the federal judge who finally sentenced him.

''We've had a terrible, terrible time with this defendant,'' U.S. District Judge Mariana Pfaelzer said during a June 2000 hearing.

In his hacking heyday, Mitnick was described as an overweight, pimpled young man obsessed with fast food.

He has since undergone an image makeover. He's slimmed down, sports a stylish haircut and has appeared on television, in the courtroom as an expert witness and even before Congress.

Mitnick's life still revolves around weekly visits to Larry Hawley, his federal probation officer, who declined to return calls seeking an interview. Hawley is said to be keen to read his client's forthcoming book.

''He will be going over it in some detail,'' said a probation official in Los Angeles who spoke on condition of anonymity.

To be able to prevent the government from handing the book's earnings to his victims, Mitnick said he navigated between his probation roadblocks and the court-imposed restrictions on profiting from tales of his crimes.

''We've been very careful, we have nothing in the book that discusses my hacking,'' said Mitnick, who co-authored the book with tech journalist William Simon.

Terms of Mitnick's three years of probation, which ends in January, require that he keep his hands off all computers, software, modems, cell phones and any devices that would give him access to the Internet. His travel and employment are also restricted.

Although some of his requests have been denied, especially those relating to travel, Mitnick received permission to carry a cell phone, to visit his book's New York publicist and to type the manuscript on a computer that is not connected to the Internet.

The probation official said the office hadn't been informed of Mitnick's plans for a six-city book tour in November, and wasn't sure whether the ex-convict would be permitted to travel.

The book's veneer of fiction appears quite thin, except perhaps where it veers into boasting. Behind their hokey aliases, the characters sound quite like the author.

In one anecdote, Mitnick writes of a hacker who downloads a server's encrypted password file and uses a cracking program to perform a ''brute-force attack.'' The hacker soon gains the keys to the company network.

In another episode, a rogue caller tricks a company's IT help desk into believing he's an employee stuck at home in a snowstorm. The swindle ends with the hacker palming a password.

In another, a con man talks a night watchman through the motions of creating an account for him on a company computer network. In another, a smooth-talking caller dupes an employee into downloading a ''Trojan horse'' program that gives the hacker remote access to the network.

Several of these fictitious scenarios resemble schemes Mitnick confessed to when sentenced in 1999, according to court documents provided by the former assistant U.S. attorney who prosecuted the case, Christopher Painter.

The confession, signed by Mitnick, describes how the hacker deceived operators at dozens of real companies and stole computer source code as well as services like phone calls and Internet server space using many of the same ruses.

Painter, now deputy chief of the Computer Crime and Intellectual Property Section at the U.S. Department of Justice, described Mitnick's tactics as closer to those of the old-time con man than of a computer scientist.

Since his release from prison, Mitnick has made a living by using his ill-gotten skills as the basis for magazine articles, speaking engagements and a recent AM radio talk show in Los Angeles.

Mitnick swears that he'll never hack again, but not because prison taught him anything.

''Prison had nothing to do with my rehabilitation,'' Mitnick said. ''I grew out of my hacking. Now I'm 38. There are no 38-year-old hackers out there.''


On the Net:

Mitnick's site: www.freekevin.com

Computer Crime and Intellectual Property Section at the U.S. Department of Justice: http://www.cybercrime.gov

Is anyone else gonna buy his book?